-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) □ Responsive to communication(s) filed on .

2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 7-30 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) □ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-30 is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. §§ 119 and 120

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) □ All b) □ Some* c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

13) ☒ Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application)
since a specific reference was included in the first sentence of the specification or in an Application Data Sheet.
37 CFR 1.78.

a) □ The translation of the foreign language provisional application has been received.

14) □ Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 since a specific
reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78.

DETAILED ACTION

Claim Rejections - 35 USC § 102

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1, 2, 4, 8, 10, 15, 16, 17, 20, 27, and 29 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Baum et al. (US 6,400,707). 

3. Regarding claims 1, 15, and 20, Baum et al. discloses a method and a system for
managing security in communication sessions across networks. The operation of the system in 
establishing a call connection may be described as follows: The actual call set up signaling flow 
starts at the point where the user has established IP layer connectivity with the network, and has 
invoked the voice over Internet software application (VOIP packets). See col. 4, lines 15-20. 
Referring to Fig. 3, there is shown a detailed description of a firewall mechanism according to 
the invention. See col. 5, lines 24-26. The static firewall acts as a rule based packet filter. 
However, according to the invention the rules are automatically and dynamically set. The 
security is applied to each port on the fly to provide extremely fast operation (filtering all packets 
associated with the dynamically negotiated VOIP port). See col. 5, line 61-col. 6, line 8. In 
setting up a call, the PC application notes an address and sends a Q.391 message to set up a 
conversation. The Q.391 message reaches the static firewall 340, which checks the message to
confirm that it is a valid Q.391 stream (filtering packets received in a network switch to trap at
least one VOIP call setup message). See col. 6, lines 51-62. The gateway 324 consults its
authorization database, notes that it has a valid customer and sends a negotiation message back to 
the PC 326. The message contains the proposal of the gateway for a codec and port. The control 
processor reads and analyzes the replicated message, notes the codec and port, and notes that the 
gateway has authorized the call (determining a dynamically negotiated VOIP port). See col. 7, 
lines 25-41. The control processor now generates a set of security specifications, compiles a 
filter configuration message, and sends this to the filter or firewall. The firewall filter now 
monitors every packet that follows for strict conformance with the filter requirements (taking 
predefined filtering actions upon the subsequent packets). See col. 7, lines 41-52. 
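
The call flow described above, reduced to a small Python model as an added example; it is not code from this Office action or from the Baum et al. patent. The message fields (`SETUP`, `NEGOTIATE`), the signalling port 1720, the per-codec size limits and the addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
SIGNAL_PORT = 1720                      # assumed signalling port (not stated on the page)
MAX_SIZE = {"G.711": 220, "G.729": 80}  # constructed per-codec size limits, in bytes

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    size: int = 64
    msg: dict = field(default_factory=dict)  # parsed signalling fields, if any

class DynamicFirewall:
    def __init__(self, gateway):
        self.gateway = gateway
        self.pending = set()   # hosts whose call setup message was trapped
        self.filters = {}      # (src, dst, proto, dport) -> max packet size

    def _signalling(self, pkt):
        kind = pkt.msg.get("type")
        if kind == "SETUP" and pkt.dst == self.gateway:
            self.pending.add(pkt.src)
            return "forward"
        if kind == "NEGOTIATE" and pkt.src == self.gateway and pkt.dst in self.pending:
            limit, port = MAX_SIZE.get(pkt.msg.get("codec")), pkt.msg.get("port")
            if not pkt.msg.get("authorized") or limit is None or not isinstance(port, int):
                return "drop"
            # Control-processor step: one filter per direction, negotiated port only.
            for a, b in ((pkt.dst, pkt.src), (pkt.src, pkt.dst)):
                self.filters[(a, b, "udp", port)] = limit
            return "forward"
        return "drop"          # not a valid signalling message

    def handle(self, pkt):
        if pkt.proto == "tcp" and SIGNAL_PORT in (pkt.sport, pkt.dport):
            return self._signalling(pkt)
        limit = self.filters.get((pkt.src, pkt.dst, pkt.proto, pkt.dport))
        return "forward" if limit is not None and pkt.size <= limit else "drop"

def demo():
    pc, gw = "10.0.0.5", "192.0.2.10"   # constructed addresses
    fw = DynamicFirewall(gw)
    media = lambda port, size=172, src=pc: Packet(src, gw, "udp", 40000, port, size)
    offer = {"type": "NEGOTIATE", "codec": "G.711", "port": 49170, "authorized": True}
    return [fw.handle(p) for p in (
        media(49170),                       # before any call setup
        Packet(pc, gw, "tcp", 40001, SIGNAL_PORT, msg={"type": "SETUP"}),
        Packet(gw, pc, "tcp", SIGNAL_PORT, 40001, msg=offer),
        media(49170),                       # negotiated port
        media(49172),                       # port never negotiated
        media(49170, size=1400),            # exceeds codec limit
        media(49170, src="10.0.0.99"),      # host not in the call
    )]
```

Only the fourth packet of the media set is forwarded: the filter exists solely for the port the gateway proposed, and everything outside it falls through to the default drop.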

4. Regarding claim 2, as mentioned previously, the firewall filter monitors every packet 
according to the specifications sent to it by the control processor (a filtering step by a fast 
filtering processor). 

5. Regarding claim 4, as mentioned previously, the firewall filter monitors every packet.
The filter can include source and destination IP addresses, packet size, protocol, and port — all of 
which are types of information found in the packet header (snooping a packet header of the first 
packet; and determining if a VOIP well known port is contained in the packet header). 

6. Regarding claim 8, as mentioned previously, the message contains the proposal of the 
gateway for a codec and port. The control processor then reads and analyzes the message and 
notes the codec and port. 

7. Regarding claims 10, 16, and 17, as mentioned previously, the firewall filter knows the 
port from specification messages that it receives from the control processor (storing the port). 
The firewall filter then monitors the packets to make sure they are in compliance with the rules
(filtering all packets; classifying filtered packets in accordance with the filtering actions).

8. Regarding claim 27, it is inherent that the system firewall filter is connected to some sort 
of memory device in order to store all of the rules that the firewall needs to execute. 

9. Regarding claim 29, Baum et al. discloses that the customer boots the PC to begin the
process of establishing a call. The PC, in turn, talks to the processor when it sends out a request
to make a call. 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

11. Claims 7, 9, 11, 13, 14, 18, 19, and 28 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Baum et al. and in light of the rejection to claims 1, 15, and 20.

12. Regarding claim 7, Baum et al. does not expressly disclose determining a layer 4 port 
negotiated by at least 2 VOIP users. However, it would have been obvious that the system of 
Baum et al. could have been extended from 1 VOIP user in negotiation to 2 users. One would 
have been motivated to do this because it's possible that 2 users want to communicate with the 
same destination, so in this way, the system would not have to set up two different connections 
with the same characteristics. 

13. Regarding claim 9, Baum et al. does not expressly disclose determining an RTP port. 
However, it would have been obvious to negotiate for an RTP port in the system of Baum et al. 
when the step of negotiating for ports occurs. One would have been motivated to do this because
RTP provides real-time transport, which makes it ideal for voice traffic which needs to be in 
real-time in order for there to be a coherent conversation. 

14. Regarding claims 11, 13, and 14, Baum et al. does not expressly disclose storing the 
generated filter in a filter table. However, it would have been obvious to store this information 
that the firewall filter uses in a table. One would have been motivated to do this because a table 
can be easy to search, which would lead to quicker switching times. Also, with regard to claim
14, a firewall inherently drops packets that don't fit the filter rules (dropping the filtered packet).

15. Regarding claim 18, Baum et al. does not expressly disclose where one of the filtering
actions includes changing the priority of the packet to reduce network transmission delay for the
packet. However, it would have been obvious to include this as one of the filter rules in the
firewall filter of Baum et al. One would have been motivated to do this because this would
allow the most voice traffic to pass through and allow conversations to be smoother. Baum
et al. also says that the filter provides full time filtering on a very specific set of specifications or
rules which are customized for each communication path and set in the firewall in virtual real 
time. By being able to change these rules dynamically, the system of Baum et al. has the 
capability of letting certain packets through on certain ports, thereby giving priority to certain 
packets when needed. 

16. Regarding claim 19, a firewall inherently drops packets that don't fit the filter rules 
(dropping the filtered packet). 

17. Regarding claim 28, Baum et al. does not expressly disclose having both an internal memory and
an external memory. However, it would have been obvious to have both an internal and external
memory. One would have been motivated to do this because having both allows for a backup in
case one of the memories were to fail.

18. Claims 3, 5, 6, 12, 21-26, and 30 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Baum et al. in view of Klein et al. (US 6,085,328). 

19. Regarding claims 3, 5, 12, and 21, Baum et al. does not expressly disclose using filter 
masks on the information and comparing the information in the packet to a table. Klein et al. 
discloses selecting a mask and a hash function to calculate from that mask. This process is 
shown in Fig. 4. See also col. 5, line 66-col. 6, line 28. The 16-bit result of the hash function 
calculation is then compared with at least one desired 16-bit value. See col. 7, lines 43-48.
These values are inherently kept in a table in memory. It would have been obvious to a person of
ordinary skill in the art at the time of the invention to apply these filtering and comparing steps
from Klein et al. in the system of Baum et al. One would have been motivated to do this
because filter masking and hashing allow the system to use less power when connected to the 
network. Also, the techniques of hashing and filter masking are commonly used when extracting 
information from a packet and comparing it to what already exists in a table. 

20. Regarding claim 6, the combination of Baum et al. and Klein et al. does not expressly 
disclose storing the VOIP well known port in the filtering table, but it would have been obvious 
to include the port in the table. One would have been motivated to do this because the whole 
reason for the filtering is to decide which port to use. 

21. Regarding claim 22, neither Baum et al. nor Klein et al. expressly discloses using a
binary search of the rules table. However, it is well-known in the art that a binary search can be 
used to search a table. It would have been obvious to use the binary search to search the table of 
Baum et al. One would have been motivated to do this because a binary search provides a fast
way of searching the table. 

22. Regarding claim 23, neither Baum et al. nor Klein et al. expressly discloses where the
network switch includes a CPU interface and where the rules table is programmable by a remote
CPU. However, it would have been obvious to have been able to remotely program the CPU 
through the CPU interface. One would have been motivated to do this because if network 
conditions change, the network administrator might want to alter some of the settings in order to 
account for the changes in the network. 

23. Regarding claim 24, neither Baum et al. nor Klein et al. expressly discloses where the
priority of incoming packets can be changed. However, it would have been obvious to change
the priority of certain incoming packets. One would have been motivated to do this because if
network conditions change, the priority of certain packets might have to be altered to guarantee that the
time-sensitive packets are able to reach their destination on time. 

24. Regarding claim 25, neither Baum et al. nor Klein et al. expressly discloses where 
everything can be implemented on a single silicon substrate. However, it would have been 
obvious to integrate all of these elements onto one chip. One would have been motivated to do 
this because it could make the system more compact if the elements were not spread too far apart 
from each other. 

25. Regarding claim 26, neither Baum et al. nor Klein et al. expressly discloses wherein said 
filter logic copies the selected field information and constructs a field value of a predetermined 
size based upon the selected field information. However, it would have been obvious to copy 
this information in a field value of a predetermined size. One would have been motivated to do 
this because having field values of a predetermined size allows the system to operate faster. If
the system knows the exact size of packets, there is no need to spend time looking up the field 
length value, which speeds up the process. 

26. Regarding claim 30, neither Baum et al. nor Klein et al. expressly discloses a fast filtering 
processor that filters the packets independent of the CPU interface. However, it would have 
been obvious to have another processor performing these filtering functions. One would have
been motivated to do this because having another filter perform these functions would offload 
the demands on the main processor, freeing it up to perform other functions. 



Conclusion 

27. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. Shwed (US 5,606,608), Shrader (US 6,009,475), and Kalmenak Jr. et al. (US
6,324,279) disclose systems that filter packets before they are sent to their destinations.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Timothy Lee whose telephone number is (703)305-7349. The 
examiner can normally be reached on M-F, 9-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Hassan Kizou, can be reached on (703)305-4744. The fax phone number for the
organization where this application or proceeding is assigned is (703)872-9314.

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703)305-4700. 
TLL

Timothy Lee 
January 16, 2004 




HASSAN KIZOU
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2600 



